turso

Warn

Audited by Socket on May 19, 2026

1 alert found:

Anomaly
AnomalyLOW
references/quickstart.md

The remote installer pattern (curl | sh / irm | iex) represents a classic high-supply-chain-risk vector due to unverified remote code execution. To reduce risk, prefer: pinned, signed releases; checksums or signature verification; explicit installer provenance; use of package managers or container/VM images with verifiable hashes; and offline or CI-verified installation methods. Implement security controls around installer delivery, such as TLS pinning, content hashing, and code signing.

Confidence: 65%Severity: 66%
Audit Metadata
Analyzed At
May 19, 2026, 06:39 AM
Package URL
pkg:socket/skills-sh/itechmeat%2Fllm-code%2Fturso%2F@c6073f2e071085e3495de814fce6ef740e48c1f5
Security Audit — socket — turso